Apple Urgently Patches Actively Exploited Zero-Days

Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309.

Follow Dark Reading:

November 21, 2024

LATEST SECURITY NEWS & COMMENTARY Apple Urgently Patches Actively Exploited Zero-Days Though information regarding the exploits is limited, the company did report that Intel-based Mac systems have been targeted by cybercriminals looking to exploit CVE-2024-44308 and CVE-2024-44309. China's 'Liminal Panda' APT Attacks Telcos, Steals Phone Data In US Senate testimony, a CrowdStrike exec explained how this advanced persistent threat penetrated telcos in Asia and Africa, gathering SMS messages, unique identifiers, and other metadata along the way. 'Water Barghest' Sells Hijacked IoT Devices for Proxy Botnet Misuse An elusive, sophisticated cybercriminal group has used known and zero-day vulnerabilities to compromise more than 20,000 SOHO routers and other IoT devices so far, and then puts them up for sale on a residential proxy marketplace for state-sponsored cyber-espionage actors and others to use. Alleged Ford 'Breach' Encompasses Auto Dealer Info Cybersecurity investigators found the leaked data to be information from a third party, not Ford itself, that is already accessible to the public and not sensitive in nature. Small US Cyber Agencies Are Underfunded & That's a Problem If the US wants to maintain its lead in cybersecurity, it needs to make the tough funding decisions that are demanded of it. MORE NEWS / MORE COMMENTARY HOT TOPICS Salt Typhoon Hits T-Mobile as Part of Telecom Attack Spree The company says no sensitive data was stolen, but federal agencies claim otherwise. CISA and FBI sources said attackers accessed all records of specific customers and the private communications of targeted individuals. Russian Ransomware Gangs on the Hunt for Pen Testers In further proof of the professionalization of Russian cybercriminal groups, ransomware gangs have been posting job ads for security positions such as pen testers, looking to boost their ransomware deployment operations. Name That Toon: Meeting of Minds Feeling creative? Submit your caption and our panel of experts will reward the winner with a $25 gift card. We Can Do Better Than Free Credit Monitoring After a Breach Individual companies and entire industries alike must take responsibility for protecting customer data — and doing the right thing when they fail. MORE PRODUCTS & RELEASES Security Industry Association Announces SIA RISE Scholarship Awardees Kyndryl & Microsoft Unveil New Services to Advance Cyber Resilience for Customers Akamai Reports Third Quarter 2024 Financial Results MORE PRODUCTS & RELEASES EDITORS' CHOICE Linux Variant of Helldown Ransomware Targets VMware ESXi Systems Since surfacing in August, the likely LockBit variant has claimed more than two dozen victims and appears poised to strike many more. LATEST FROM THE EDGE SWEEPS Educational Initiative Offers Application Security Training The secure coding curriculum, funded by a $2.5 million grant, is available for students and professionals at all stages of their careers. LATEST FROM DR TECHNOLOGY RIIG Launches With Risk Intelligence Solutions RIIG is a risk intelligence and cybersecurity solutions provider offering open source intelligence solutions designed for zero-trust environments. LATEST FROM DR GLOBAL African Reliance on Foreign Suppliers Boosts Insecurity Concerns Recent backdoor implants and cyber-espionage attacks on their supply chains have African organizations looking to diversify beyond Chinese, American tech vendors. WEBINARS The Unreasonable Effectiveness of Inside Out Attack Surface Management Social Engineering: New Tricks, New Threats, New Defenses View More Dark Reading Webinars >> WHITE PAPERS Enterprise Key Management Buyer's Guide Top 10 CI/CD Security Risks: The Technical Guide 6 Key Requirements of Multicloud Security IDC White Paper: The Peril and Promise of Generative AI in Application Security The State of Asset Security: Uncovering Alarming Gaps & Unexpected Exposures Generative AI Gifts 5 Essential Insights into Generative AI for Security Leaders View More White Papers >> FEATURED REPORTS Managing Third-Party Risk Through Situational Awareness 2024 InformationWeek US IT Salary Report View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us